f24cee93df90f534bafd57d1ba22628f7e2da5b96093fc7632ac85c07c91e71b

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 15:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa58b8e6f3eeb3d40954908468586540_JaffaCakes118.html
Size

66KB
MD5

aa58b8e6f3eeb3d40954908468586540
SHA1

82c0430381c6f0a68ec580ce45932ef5c1bba5c3
SHA256

f24cee93df90f534bafd57d1ba22628f7e2da5b96093fc7632ac85c07c91e71b
SHA512

b2e8161998a523aacb11ae8a2a3625a86f553c263adf1557c561b465d75f6c7e346621dd0d03795b6cf5f708b1a018f6f070d711c019b9d3dd145ac7c0fc07c0
SSDEEP

1536:YCC+yfE+XwSZVu3R6qAlTjy2xiTKyFNbfHc14iTFSQ2nHxRsnZvfiHhS39PTzfHy:7SXW3J

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
432	msedge.exe
432	msedge.exe
856	msedge.exe
856	msedge.exe
116	identity_helper.exe
116	identity_helper.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe
4772	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 856 wrote to memory of 4916	856	msedge.exe	81
PID 856 wrote to memory of 4916	856	msedge.exe	81
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 4644	856	msedge.exe	82
PID 856 wrote to memory of 432	856	msedge.exe	83
PID 856 wrote to memory of 432	856	msedge.exe	83
PID 856 wrote to memory of 4804	856	msedge.exe	84
PID 856 wrote to memory of 4804	856	msedge.exe	84
PID 856 wrote to memory of 4804	856	msedge.exe	84
PID 856 wrote to memory of 4804	856	msedge.exe	84
PID 856 wrote to memory of 4804	856	msedge.exe	84
PID 856 wrote to memory of 4804	856	msedge.exe	84
PID 856 wrote to memory of 4804	856	msedge.exe	84
PID 856 wrote to memory of 4804	856	msedge.exe	84
PID 856 wrote to memory of 4804	856	msedge.exe	84
PID 856 wrote to memory of 4804	856	msedge.exe	84
PID 856 wrote to memory of 4804	856	msedge.exe	84
PID 856 wrote to memory of 4804	856	msedge.exe	84
PID 856 wrote to memory of 4804	856	msedge.exe	84
PID 856 wrote to memory of 4804	856	msedge.exe	84
PID 856 wrote to memory of 4804	856	msedge.exe	84
PID 856 wrote to memory of 4804	856	msedge.exe	84
PID 856 wrote to memory of 4804	856	msedge.exe	84
PID 856 wrote to memory of 4804	856	msedge.exe	84
PID 856 wrote to memory of 4804	856	msedge.exe	84
PID 856 wrote to memory of 4804	856	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\aa58b8e6f3eeb3d40954908468586540_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff475446f8,0x7fff47544708,0x7fff47544718
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,12195408951194110727,509867337004124280,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,12195408951194110727,509867337004124280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,12195408951194110727,509867337004124280,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12195408951194110727,509867337004124280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12195408951194110727,509867337004124280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12195408951194110727,509867337004124280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,12195408951194110727,509867337004124280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,12195408951194110727,509867337004124280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12195408951194110727,509867337004124280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12195408951194110727,509867337004124280,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12195408951194110727,509867337004124280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12195408951194110727,509867337004124280,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,12195408951194110727,509867337004124280,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
909B

MD5
0a2ca772ff66d95e8b2cdd97d52e391e

SHA1
b848e8bed776699dc5c921e52910bcf2a5634937

SHA256
92afa055a24d446b7483e0244d4905c9e5fb37550939557e35fe3379c2c218d9

SHA512
7d812e305ec14c68ca9f5bc61f1466f853b349fa8a9c4dee71feb9188f420943242de5986c021b38a037ad96365d9fd03c44b68eb3207341e046c30e4a11ac30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
237abb7ecdacf13a40c4ccff3acc3731

SHA1
8a8a235d4cc7c30baae81d8c071f21a275f107eb

SHA256
fbbfcf80ba70443684d19639b65b422d38d7f8e536986534fde954ec7cb96cad

SHA512
d56c7e4d17ab4865a0d8a2c645d3233837f16998be6691576f68b78248f590b8bd019e75f240efe428b8a2af6594a1c61787669e48594cbcdfa9cd1f422f77e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5c947813fcac4924bd28cc392bc7472e

SHA1
3055cd5856fe9f2a109b9a3a1313e3f2d9302dc8

SHA256
a0753b412311ca30425a159b1d1d9e436c448a0fc1dcaf8db21aca0faf6013d0

SHA512
4edeaf2ffe78ad7e8505c6a5df1b8806015b6498a3f0a7a588b4835c3215f822135f354febc20341b1e9acadb4a48b661664998cfb47c0152c7be9b14de3a4bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d52fcffbc30fc81cd872caf0e71eccbb

SHA1
a37b22715db746004ef999df0f8640f814b9b03c

SHA256
52197513b7c997efe17471667089b4871679817a2d9abad2464cc63a3f4510fd

SHA512
20ed72c3e977024cf06c55b8a8baacc6e12eb585b46e3702ffb79de543554e25cc6491293582fb0f707d6549370c8a7429a01e66269f5866ac48dd31b98f6f27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
63ed718bd921affa9f7cfa20f3380fbf

SHA1
43b71b5157d678b7f2d80f0b83b6367237128eb5

SHA256
866f6a911f09294687b850132dbe41514a42c6a221e39e52b77044b474b025db

SHA512
e803068ec00eeedece15364f1fe5d8173dd8ef2456cbbe2ac6dac534d0c991afc7ff0039ec84840bc4f19bba753ce92f89eb0c09b1a9aa5f8de26f593a3f8663

Download Submit